OMP Domain Profile: FCA Consumer Duty, SM&CR Accountability, and AI Governance Evidence for UK Retail Financial Services

Introduction The FCA's Consumer Duty (PS22/9) established a new standard of conduct for retail financial services firms, requiring that firms act to deliver good outcomes for retail customers across four outcome areas: products and services, price and value, consumer understanding, and consumer support. The Duty requires firms to take positive action to deliver good outcomes -- a substantive shift from the previous Treating Customers Fairly (TCF) standard. As AI systems take increasing roles in retail financial services decisions, the Consumer Duty creates a specific evidence problem. The FCA requires firms to monitor and evidence consumer outcomes. Where AI systems contribute to those outcomes, firms must demonstrate that the AI system's contribution was consistent with the Duty: that it supported good outcomes, treated vulnerable customers appropriately, and did not introduce systematic unfairness. Simultaneously, the SM&CR requires that firms identify named Senior Managers responsible for each material area of firm activity. Where AI systems make or materially contribute to decisions, firms must demonstrate that a named, accountable Senior Manager bears responsibility and exercises genuine oversight of individual decisions at scale. The Mills Review (2026) identified the inability to demonstrate AI decision accountability at the interaction level as a material gap in current firm compliance architectures. The FCA has signalled that its supervisory expectations for AI governance evidence will increase as AI deployment in retail financial services accelerates. This document defines the DutyMark profile: the domain-specific instantiation of OMP for FCA-regulated AI deployments in UK retail financial services. DutyMark denotes that each AI decision is cryptographically marked against the firm's Consumer Duty obligations, producing a tamper-evident record demonstrating positive action to deliver good outcomes at the individual interaction level. Related OMP domain profiles include the AI Liability Insurance profile and the EU AI Act Article 12 profile . The OMP specification is also archived at . The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

Terminology This document uses the terminology defined in . In addition:

Consumer Duty: The FCA's Consumer Principle (PRIN 12) and associated cross-cutting rules and outcome rules established by Policy Statement PS22/9, effective July 31, 2023.
Good Outcome: A consumer outcome that meets the standard required under Consumer Duty: the firm has acted to deliver what a reasonable firm would consider a good outcome for the retail customer in the relevant circumstances.
Vulnerable Customer: A customer who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care, as defined in FCA Guidance FG21/1 .
Accountable Executive: The Senior Manager with SM&CR responsibility for the AI system's governance or for the business area in which the AI system operates. The Named Accountable Officer for ASSISTED and ESCALATED interactions above the configured significance threshold under this profile.
Consumer Duty Outcome Area: One of the four outcome areas specified in PS22/9: products and services, price and value, consumer understanding, consumer support.
DutyMark Invariant: The two-property invariant defined in : every AI-assisted retail financial services interaction generates a sealed DutyMark Audit Trace demonstrating Consumer Duty consistency, independently verifiable without access to the firm's infrastructure.
Principal Firm: An FCA-authorised firm that appoints agents and bears regulatory responsibility for the conduct of those agents under FSMA Section 39.

FCA Regulatory Framework Analysis

Consumer Duty (PS22/9) The Consumer Duty has three elements: Consumer Principle (PRIN 12) requiring firms to act to deliver good outcomes; cross-cutting rules requiring firms to act in good faith, avoid foreseeable harm, and enable customers to pursue their financial objectives; and outcome rules across the four outcome areas. Firms must monitor, regularly review, and be able to demonstrate to the FCA how their activities deliver good outcomes. Where AI systems contribute to outcomes, firms must demonstrate consistency with the Duty at the interaction level.

SM&CR: Named Accountability for AI Decisions The SM&CR requires named Senior Managers responsible for each material area of firm activity. For AI systems, firms must demonstrate that a named Senior Manager has been allocated AI governance responsibility, exercises genuine oversight of AI decisions (not merely formal responsibility), and that this oversight is evidenced at the interaction level. The OMP Named Accountable Officer mechanism maps directly onto this structure: for every ASSISTED or ESCALATED interaction, the Accountable Executive is identified and their review decision sealed in the DutyMark Audit Trace.

FCA Mills Review and AI Accountability The Mills Review (2026) identified four material gaps: firms can describe AI governance processes but cannot demonstrate at the interaction level that those processes were followed; AI recommendations are not consistently recorded alongside human decisions; vulnerable customer identification and treatment by AI systems is not evidenced at the interaction level; and the accountability chain from individual AI decisions to named SM&CR Senior Managers is absent in most firms. These are precisely the gaps the DutyMark profile closes.

FCA Agent Distribution Oversight Under FSMA Section 39, principal firms bear regulatory responsibility for appointed representatives' conduct. For Consumer Duty purposes, principal firms are responsible for ensuring AI-assisted decisions made by appointed representatives deliver good outcomes -- even where the AI system is deployed by the representative, not the principal. Section 6 specifies how OMP's chain integrity architecture addresses this challenge.

OMP DutyMark Profile

Routing States Under This Profile

AUTONOMOUS: Permitted only where: the interaction type and customer segment have been assessed as appropriate for autonomous determination; AI confidence meets the AUTONOMOUS threshold; no Watchtower has triggered; and the customer has not been flagged as potentially vulnerable by WT-FCA-03. The DutyMark Audit Trace MUST document the basis for autonomous determination.
ASSISTED: Standard routing for interactions above the significance threshold, involving potentially vulnerable customers, or where Consumer Duty considerations require Accountable Executive review. The Accountable Executive's identity, review timestamp, and outcome assessment are sealed in the DutyMark Audit Trace.
ESCALATED: Triggered by Watchtower detection of potential foreseeable harm (WT-FCA-01), price or value unfairness (WT-FCA-02), vulnerable customer indicator (WT-FCA-03), consumer understanding failure (WT-FCA-04), or suitability concern (WT-FCA-05). The interaction MUST NOT be finalised until Accountable Executive review.

Named Accountable Officer: The FCA-Accountable Individual The Named Accountable Officer under this profile is the Accountable Executive: the Senior Manager with SM&CR responsibility for the AI system's governance. Required fields in the Accountable Executive record:

accountable_executive_id: FCA Individual Reference Number (IRN) or stable internal identifier;
accountable_executive_smcr_function: SM&CR Senior Manager Function designation (e.g., SMF3, SMF4, SMF16);
review_timestamp: ISO 8601 UTC of the review action;
outcome_assessment: one of GOOD_OUTCOME, REMEDIATION_REQUIRED, ESCALATION_TO_COMPLAINTS;
vulnerability_response: REQUIRED where WT-FCA-03 was triggered.

Confidence Score Configuration C_p (policy compliance) reflects the AI system's evaluation against the firm's Consumer Duty policies. A value of 0.0 MUST force ESCALATED routing. C_d (data completeness) reflects the completeness of customer data; where data is incomplete in ways that may affect outcome quality, C_d MUST be reduced to trigger ASSISTED routing. C_m reflects the AI system's own confidence in its recommendation.

Watchtower Definitions

WT-FCA-01: Foreseeable Harm Prevention Gate Trigger: AI recommendation would foreseeably cause harm based on the firm's Consumer Duty harm assessment framework. Action: HARD_BLOCK for immediate harm; FORCE_ESCALATED for foreseeable harm requiring Accountable Executive assessment. Rationale: The Consumer Duty cross-cutting rule requires firms to avoid causing foreseeable harm. This Watchtower enforces the avoidance obligation structurally: AI recommendations that foreseeably harm retail customers cannot proceed without Accountable Executive review, and cannot proceed at all where immediate harm is detected.

WT-FCA-02: Price and Value Fairness Gate Trigger: AI pricing or value determination falls outside the firm's Consumer Duty price and value framework. Action: FORCE_ESCALATED. Accountable Executive reviews and either approves with documented justification or modifies the outcome. Rationale: PS22/9 requires firms to ensure price represents fair value. AI-assisted pricing must be evidenced at the interaction level as consistent with this requirement. Watchtower configuration MUST be reviewable by the FCA upon supervisory request.

WT-FCA-03: Vulnerable Customer Gate Trigger: Any indicator of characteristics of vulnerability as defined in FCA Guidance FG21/1 : disclosed financial difficulty, health condition, recent life event, low financial capability score, or pattern consistent with vulnerability indicators. Action: FORCE_ASSISTED for a single vulnerability indicator; FORCE_ESCALATED for multiple indicators or confirmed vulnerability disclosure. Rationale: FG21/1 requires firms to identify and respond appropriately to vulnerable customers. AI systems applying standard processing to customers displaying vulnerability indicators fail this obligation. This Watchtower ensures vulnerability indicators generate a mandatory review record and Accountable Executive response.

WT-FCA-04: Consumer Understanding Gate Trigger: AI-generated customer communication does not meet the firm's Consumer Duty consumer understanding standards. Action: FORCE_ESCALATED. Accountable Executive reviews and approves or requires revision before delivery. Rationale: PS22/9 requires firms to ensure retail customers receive communications they can understand. AI-generated communications failing the firm's understanding standards cannot be sent without Accountable Executive approval.

WT-FCA-05: Suitability and Appropriateness Gate Trigger: For AI-assisted investment, pension, or protection recommendations: recommendation does not meet suitability or appropriateness standards under COBS or ICOBS. Action: HARD_BLOCK for unsuitable recommendations; FORCE_ESCALATED for appropriateness questions. Rationale: Suitability and appropriateness requirements under COBS and ICOBS are not discharged by AI recommendations without human oversight. AI-assisted suitability determinations failing the applicable standard are blocked before reaching the customer.

WT-FCA-06: Agent Distribution Chain Gate Trigger: For principal firms: any distribution chain AI interaction where the appointed representative's system has not generated a conformant DutyMark Audit Trace. Action: FORCE_ESCALATED. Principal firm's Accountable Executive is notified of the distribution chain evidence gap. Rationale: Principal firms bear Consumer Duty responsibility for their distribution chain under FSMA Section 39. This Watchtower enables principal firms to identify distribution chain evidence gaps before they become FCA supervisory issues.

Audit Trace Schema Extensions The following fields are REQUIRED under the DutyMark profile, in addition to core fields in Section 7:

consumer_duty_outcome_area: string, REQUIRED. One of: "products_and_services", "price_and_value", "consumer_understanding", "consumer_support".
consumer_outcome_assessment: string, REQUIRED. One of: "good_outcome", "outcome_uncertain", "remediation_required".
vulnerability_indicators: array of strings, REQUIRED if WT-FCA-03 triggered; empty array otherwise. Values from FCA FG21/1 taxonomy.
accountable_executive_id: string, REQUIRED for ASSISTED and ESCALATED; NULL for AUTONOMOUS below significance threshold. SHOULD be the FCA IRN.
accountable_executive_smcr_function: string, REQUIRED where accountable_executive_id is non-null.
outcome_assessment: string, REQUIRED for ASSISTED and ESCALATED. One of: GOOD_OUTCOME, REMEDIATION_REQUIRED, ESCALATION_TO_COMPLAINTS.
distribution_chain_flag: boolean, REQUIRED. True if interaction was generated by or on behalf of an appointed representative.
principal_firm_id: string, REQUIRED if distribution_chain_flag is true. FCA Firm Reference Number (FRN) of the principal firm.
consumer_duty_board_report_period: string, OPTIONAL. Identifier for the Consumer Duty annual board reporting period.
profile_version: string, REQUIRED. MUST be "VERIDOM-DUTYMARK-v1.0".

Consumer Duty Outcome Mapping For products and services: WT-FCA-05 MUST be active for all AI-assisted product recommendations where suitability or appropriateness requirements apply under COBS or ICOBS. consumer_duty_outcome_area MUST be set to "products_and_services". For price and value: WT-FCA-02 MUST be active for all AI-assisted pricing interactions, with documented fairness parameters derived from the firm's Consumer Duty price and value assessment framework and reviewable by the FCA upon supervisory request. For consumer understanding: WT-FCA-04 MUST be active for all AI-generated communications to retail customers, with documented readability and comprehension standards appropriate to the customer segments served. For consumer support: WT-FCA-01 and WT-FCA-03 MUST be active for all AI-assisted customer support interactions. AI-assisted systems MUST immediately route to ESCALATED any customer who indicates they wish to speak to a human representative.

Agent Distribution Oversight The DutyMark profile addresses principal firm distribution oversight through a two-level architecture. At the appointed representative level, the representative's AI system implements DutyMark and generates Audit Traces for each interaction, provided to the principal firm as part of the distribution oversight framework. At the principal firm level, WT-FCA-06 verifies that distribution chain interactions are generating conformant DutyMark Audit Traces. Where a chain interaction lacks a conformant Trace, WT-FCA-06 triggers ESCALATED at the principal firm level. The OMP chain integrity architecture ensures that DutyMark Audit Traces from appointed representative systems are sealed in a way the principal firm and FCA can verify independently, without relying on the appointed representative's self-reporting. Principal firms MUST document their distribution chain oversight arrangements in their Consumer Duty monitoring framework.

The DutyMark Invariant Implementations of this profile MUST satisfy the following two-property invariant:

Property 1 (Outcome evidence completeness): Every AI-assisted retail financial services interaction contributing to a consumer outcome MUST generate a sealed DutyMark Audit Trace documenting the Consumer Duty outcome area, consumer outcome assessment, any vulnerability indicators, and (for ASSISTED and ESCALATED interactions) the Accountable Executive's identity and outcome determination.
Property 2 (Immutable trail): The DutyMark Audit Trace MUST be sealed with the three-layer integrity architecture defined in Section 7, using JSON canonicalization per . Any modification to any historical record MUST be detectable by any third party -- including the FCA -- without access to the firm's or OMP implementer's infrastructure.

A firm satisfying the DutyMark Invariant can demonstrate to the FCA, for any interaction: the Consumer Duty outcome area; whether the AI system assessed a good, uncertain, or remediation-required outcome; whether vulnerability indicators were detected and how they were responded to; whether the Accountable Executive reviewed the interaction and their outcome determination; and that the record has not been altered since sealing.

SM&CR Accountability Record The accountable_executive_id and accountable_executive_smcr_function fields create a sealed SM&CR Accountability Record for every ASSISTED and ESCALATED interaction: a tamper-evident record naming the Senior Manager who exercised oversight of the specific AI recommendation. Firms undergoing FCA supervisory examination of their SM&CR mapping for AI systems can present the DutyMark Audit Trace stream as contemporaneous evidence that SM&CR accountability is exercised in practice, not only in governance documentation. For Consumer Duty annual board reporting, firms MAY use the DutyMark Audit Trace stream aggregated by consumer_duty_board_report_period as the primary evidence source for the board's Consumer Duty outcome monitoring.

FCA Supervisory Examination Package Upon FCA supervisory request, a firm implementing DutyMark MUST produce a Supervisory Examination Package for any specified period containing: all sealed DutyMark Audit Traces organised by consumer_duty_outcome_area and routing_outcome; chain integrity proof (SHA-256 Merkle root and chain paths); Timestamp Authority (per ) verification from the OMP Reference Validator ; outcome distribution summary by outcome area and interaction type; vulnerability response record summarising WT-FCA-03 activations; SM&CR accountability record listing Accountable Executives and their SM&CR functions; and for principal firms, a distribution chain summary of WT-FCA-06 activations. The package MUST be producible within 30 seconds for any specified period. It is self-contained: the FCA, a skilled person reviewer, or an independent auditor can verify its integrity using only the OMP Reference Validator and the Timestamp Authority's public key material, without access to the firm's systems.

Security Considerations The security considerations of apply in full. Accountable Executive identity: accountable_executive_id SHOULD be the FCA IRN. Where it is not, operators MUST maintain an audit-grade mapping between the internal identifier and the individual's IRN, available for FCA supervisory inspection. Vulnerability data sensitivity: The vulnerability_indicators field may contain sensitive personal data. Operators MUST implement appropriate access controls consistent with UK GDPR and FCA consumer data protection expectations. Distribution chain integrity: For principal firms, chain integrity of DutyMark Audit Traces from appointed representative systems MUST be verifiable by the principal firm. Appointed representative systems MUST implement the full three-layer integrity architecture, not merely local logging. Retrospective documentation: DutyMark Audit Traces MUST be generated at the moment of the AI decision, not retrospectively. Any mechanism allowing retrospective creation or modification of Audit Traces is inconsistent with this profile.

IANA Considerations This document has no IANA actions.